Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-sd9a-r7c8-w3gd

Summary Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."

Aliases

alias	CVE-2015-8309

alias	PYSEC-2017-99

Fixed_packages

url	pkg:pypi/cherrymusic@0.36.0
purl	pkg:pypi/cherrymusic@0.36.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.36.0

Affected_packages

url pkg:pypi/cherrymusic@0.30.0

purl pkg:pypi/cherrymusic@0.30.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-sd9a-r7c8-w3gd

vulnerability	VCID-vrzn-4xhq-xkh9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.30.0

url pkg:pypi/cherrymusic@0.31.0

purl pkg:pypi/cherrymusic@0.31.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-sd9a-r7c8-w3gd

vulnerability	VCID-vrzn-4xhq-xkh9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.31.0

url pkg:pypi/cherrymusic@0.31.1

purl pkg:pypi/cherrymusic@0.31.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-sd9a-r7c8-w3gd

vulnerability	VCID-vrzn-4xhq-xkh9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.31.1

url pkg:pypi/cherrymusic@0.31.2

purl pkg:pypi/cherrymusic@0.31.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-sd9a-r7c8-w3gd

vulnerability	VCID-vrzn-4xhq-xkh9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.31.2

url pkg:pypi/cherrymusic@0.32.0

purl pkg:pypi/cherrymusic@0.32.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-sd9a-r7c8-w3gd

vulnerability	VCID-vrzn-4xhq-xkh9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.32.0

url pkg:pypi/cherrymusic@0.33.0

purl pkg:pypi/cherrymusic@0.33.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-sd9a-r7c8-w3gd

vulnerability	VCID-vrzn-4xhq-xkh9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.33.0

url pkg:pypi/cherrymusic@0.34.0

purl pkg:pypi/cherrymusic@0.34.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-sd9a-r7c8-w3gd

vulnerability	VCID-vrzn-4xhq-xkh9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.34.0

url pkg:pypi/cherrymusic@0.34.1

purl pkg:pypi/cherrymusic@0.34.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-sd9a-r7c8-w3gd

vulnerability	VCID-vrzn-4xhq-xkh9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.34.1

url pkg:pypi/cherrymusic@0.35.1

purl pkg:pypi/cherrymusic@0.35.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-sd9a-r7c8-w3gd

vulnerability	VCID-vrzn-4xhq-xkh9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.35.1

url pkg:pypi/cherrymusic@0.35.2

purl pkg:pypi/cherrymusic@0.35.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-sd9a-r7c8-w3gd

vulnerability	VCID-vrzn-4xhq-xkh9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cherrymusic@0.35.2

References

reference_url	https://github.com/devsnd/cherrymusic/commit/62dec34a1ea0741400dd6b6c660d303dcd651e86
reference_id
reference_type
scores
url	https://github.com/devsnd/cherrymusic/commit/62dec34a1ea0741400dd6b6c660d303dcd651e86

reference_url	https://github.com/devsnd/cherrymusic/issues/598
reference_id
reference_type
scores
url	https://github.com/devsnd/cherrymusic/issues/598

reference_url	https://www.exploit-db.com/exploits/40361/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/40361/

reference_url	http://www.fomori.org/cherrymusic/Changes.html
reference_id
reference_type
scores
url	http://www.fomori.org/cherrymusic/Changes.html

reference_url	http://www.securityfocus.com/bid/97149
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/97149

Weaknesses

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sd9a-r7c8-w3gd

Vulnerability Instance